QNAP users still struggling with Deadbolt ransomware after forced firmware updates

QNAP Network Attached Storage (NAS) device users are still struggling to address a range of issues connected to the Deadbolt ransomware, which began infecting devices earlier this week

On Tuesday, QNAP NAS users flocked to Reddit and QNAP forums to report ransomware infections. Censys reported that of the 130,000 QNAP NAS devices, 4,988 services “exhibited the telltale signs of this specific piece of ransomware.”

On Friday afternoon, Censys updated its report, telling ZDNet that overnight, the number of exposed and ransomware infected devices went down by 1,061 to 3,927. 

A map of the infected devices around the world. 

Censys

“Why this went down could be for any number of reasons, we’re still investigating to see if we can pinpoint the reasoning behind this,” a Censys spokesperson said, theorizing that the decrease could be attributed to a forced update from QNAP. 

On Wednesday, QNAP initially urged users to update to the latest version of QTS, the Linux based operating system developed by the Taiwanese company to run on their devices.

But MalwareBytes said QNAP pushed out an automatic, forced update with firmware on Thursday containing the latest security updates.

“Later that day, QNAP took more drastic action and force-updated the firmware for all customers’ NAS devices to version 5.0.0.1891, the latest universal

Read More: https://www.zdnet.com/article/decryptor-released-for-deadbolt-ransomware-affecting-qnap-nas-devices/#ftag=RSSbaffb68